I was startled to discover recently that the the "share" links on questions include one's account ID. Luckily, no harm came of it for me -- I've only shared StackExchange links in a professional context -- but I know that not everyone would consider it safe to reveal their SE identity when linking. (E.g. they might have their real name attached to SE, but not to the context they're linking from.) This becomes more and more relevant as SE expands into new topics.

I think people assume that by sharing a SE link they are not revealing their identities; how can we support this assumption, or at least make it very clear that the assumption is incorrect?

Edit: To open up the discussion, I've posted my initial thoughts on options as answers. (Also, if this should be a feature-request instead of discussion, let me know -- or just change it over. This is my first time interacting with the Meta side of things.)

It's worth keeping in mind that links can be copy/pasted from anywhere. That someone posts a link to some SO content in some other forum, does not necessarily mean that the ID embedded in that link is actually that of the person who is posting the link. It's true that it commonly is; but the person might have found the link in some other context, where the owner of the ID provided it. I don't think it truly de-anonymizes the user unless additional analysis is applied, and as a lot of research has shown, "additional analysis" in general will de-anonymize, regardless of specific features.
– Peter DunihoAug 1 '15 at 0:45

3

Honestly, I can't see where this would be a problem. As far as I have seen people always feel comfortable/not comfortable associating their names based on the topic, not the site. If for example you don't feel comfortable associating your name with your interest in scifi you won't do it on here either and thus when you share a link it won't contain any 'bad' information. And if you do feel comfortable about it, then there is no problem in the first place right?
– David MulderAug 1 '15 at 13:33

I remember this being discussed on the Mathematics meta (or maybe Math Overflow). I'm having trouble finding the link...
– Peter OlsonAug 1 '15 at 14:23

4

-1 -- If you are so paranoid about anonymity you already know this and how to work around it or if you are in a situation where anonymity is so fundamental you must carefully take all the time required to avoid this kind of problems (e.g. posting using a "fake" account with a random string as name, registered with a brand new email not resembling your name via Tor, from a public internet café from a city you chose randomly a random amount of time before and being careful to write in a way that nobody could recognize your style of writing).
– BakuriuAug 1 '15 at 14:28

2

+1 I never realized the share button included my user id. I can think of serveral situations where this could have potentially made a difference for me if the other person had noticed...
– Anubian NoobAug 1 '15 at 14:45

2

I think this is a small enough issue not to be worth cluttering up the interface with checkmarks, but it doesn't seem like it would hurt to throw some simple kid-sister proof encryption on the user ID.
– Jack MAug 1 '15 at 23:29

3

Maybe give every user another unique identifier (or hash the existing uuid, but that would make the link longer) that could be used in the links, and is never displayed? That way, those who work at SO know who shared the link, and those who don't wouldn't know. (this may be overkill)
– JojodmoAug 1 '15 at 23:47

1

@Bakuriu Not interested in discussing "paranoia" or whether people "should have known". That's out of scope: I already know 5 people who "should have known", did not, and are sad about it. It's a bad UI, and I want to discuss a way to move forward.
– phyzomeAug 2 '15 at 15:42

OK, I'm going to take a different approach -- splitting up ideas into the Answers section.
– phyzomeAug 2 '15 at 21:41

5 Answers
5

Option: Add a checkbox to include/exclude the user ID ("Give me credit [?]"). Here's what it would look like at baseline, and when the user hovers over the "[?]":

This approach gives the user a choice about whether to include their user ID. Checking the box on and off would toggle which link is displayed in the text field and used in social media buttons, which for many StackExchange sites (with shorter names) would be a visible change. This is also a place to direct the user to an explanation of why they would want this.

The checkbox would default to on, but the setting would persist in a cookie or account preference.

This is my personal favorite option, since it educates, provides a choice, and keeps same sharing functionality for most users.

Love this. The checkbox could also go at the top, replacing "(includes your user id)" text. It should be labelled "Include your user ID" (to be clear it's yours, not the OP's). It could also be labelled "Earn badges by sharing" or something like that (then the help text explains "share link includes your user id for tracking and rewarding badges").
– ADTCApr 8 '18 at 5:20

It doesn't give you an option for whether or not your user id should be included, but at least it will help keep people from inadvertently sharing that id without realizing it.

Rather than let this sit unsolved for even longer while we figure out (read: argue about) exactly what this box should be for and what functionality it needs to accomplish that, we have just made a little copy change that should hopefully resolve the accidental privacy issue.

There are certainly other things we could do with this module, including many of the suggestions made here--giving people the choice whether to include the id, explaining about the Announcer badge, etc. To that end, folks are still welcome to make suggestions about this box's functionality and design, of course. I'd just recommend doing so in a new feature-request for the sake of clarity.

This is good. How about a adding a super small link to the copy to fix the entire issue, (includes your user id - remove)? (with "remove" being an underlined link)
– Pekka 웃Dec 1 '16 at 17:59

I'm confused as to what the solution is. Was it just to say '(includes your user id)'?! Isn't it too small and counter intuitive?!
– HoneyApr 4 '18 at 15:59

phyzome's option of having a checkbox with a help text sounds much better than this. Initially it could just use Javascript and cookies to store the current selection in browser, but eventually (if there's demand) it could be AJAX-ed into the user profile as a profile setting (overriding any cookies).
– ADTCApr 8 '18 at 5:12

Originally share was called link and it was just that, a link to the question/answer. I remember the rename and it annoyed me because share is a very poor name. Link is a good name because it describes what it is, share is a bad name because it only describes a possible use of the item. And it is misleading as well because the name implies that that you will actively share it to someone when you click share which is not the case at all.
For this reason alone I would like share to be renamed to share-link or share link.

Having share links is not bad per se, but the users should be able to chose (for instance if putting links in comments in corporate source code, personal links might not be appropriate).

A checkbox as suggested might work, but will make the non-default option cumbersome. Profile setting is just too static and makes it way to cumbersome to switch. Why not provide both options at the same time and let users choose what they want directly:

share-link plain-link edit close flag

This adds no complexity in configuration of any kind and it is super obvious for users at all levels - including first time users - that a link to the same thing exists in two variations. As a bonus this will be extremely simple to implement.

Option: Include the user ID in a way that does not allow anyone but SO to identify the user (AES + HMAC + a bunch of entropy.)

By including the user ID in this way, users don't have to worry about deanonymizing themselves under normal circumstances, but the site still collects the data. (A security breach or a cryptography failure could still lead to this.)

Bear in mind this would not be a simple hash of the user ID. There are not many user IDs (on the order of a million?), so building a table of hashes would be trivial. The link would need to include entropy under AES+HMAC or similar so that shared links cannot be correlated across sites. This would make the URL a bit longer.